[FFmpeg-cvslog] avutil/lfg: Correct index increment type to avoid undefined behavior

[Michael Niedermayer]

ffmpeg | branch: release/3.4 | Michael Niedermayer <michael at niedermayer.cc> | Sat Oct 19 21:27:41 2019 +0200| [650ce5047cf3e8286e6fbca8cdf14b1bb885bcb1] | committer: Michael Niedermayer

avutil/lfg: Correct index increment type to avoid undefined behavior

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 18333/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COMFORTNOISE_fuzzer-5668481831272448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6014bcf1b74e903f535461ade4aa5fb44dbf5d8b)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=650ce5047cf3e8286e6fbca8cdf14b1bb885bcb1
---

 libavutil/lfg.h | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/libavutil/lfg.h b/libavutil/lfg.h
index ab38a8a0df..2b669205d1 100644
--- a/libavutil/lfg.h
+++ b/libavutil/lfg.h
@@ -51,8 +51,9 @@ int av_lfg_init_from_data(AVLFG *c, const uint8_t *data, unsigned int length);
  * it may be good enough and faster for your specific use case.
  */
 static inline unsigned int av_lfg_get(AVLFG *c){
-    c->state[c->index & 63] = c->state[(c->index-24) & 63] + c->state[(c->index-55) & 63];
-    return c->state[c->index++ & 63];
+    unsigned a = c->state[c->index & 63] = c->state[(c->index-24) & 63] + c->state[(c->index-55) & 63];
+    c->index += 1U;
+    return a;
 }
 
 /**
@@ -63,7 +64,9 @@ static inline unsigned int av_lfg_get(AVLFG *c){
 static inline unsigned int av_mlfg_get(AVLFG *c){
     unsigned int a= c->state[(c->index-55) & 63];
     unsigned int b= c->state[(c->index-24) & 63];
-    return c->state[c->index++ & 63] = 2*a*b+a+b;
+    a = c->state[c->index & 63] = 2*a*b+a+b;
+    c->index += 1U;
+    return a;
 }
 
 /**